360 matches found
AZL-45084 CVE-2020-8116 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
Debian: Security Advisory (DSA-4606-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 4606-1] chromium security update
Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq...
3nit-utils (>=0.30.0 <=1.0.2), @aller/theming (>=1.0.0 <=1.0.2) +25 more potentially affected by unknown CVE via devalue (=2.0.0)
devalue NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on devalue and may be impacted: - 3nit-utils =0.30.0, =1.0.0, =1.2.1-next.3, =0.0.1, =0.1.1, =1.11.8, =4.1.1, =0.1.2, =0.1.1, =0.0.2-canary.2, =9.0.5, =9.1.5-canary.9 and more Sour...
Debian DSA-4562-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5869 Zhe Jin discovered a use-after-free issue. - CVE-2019-5870 Guang Gong discovered a use-after-free issue. - CVE-2019-5871 A buffer overflow issue was discovered in the skia library. - CVE-2019-5872 Zhe Jin...
Debian: Security Advisory (DSA-4562-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
Debian DSA-4289-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. - CVE-2018-16067 Zhe Jin discovered ...
Debian DLA-1492-1 : dojo security update
It was discovered that there was a string injection vulnerability in the 'dojo' JavaScript library. For Debian 8 'Jessie', this issue has been fixed in dojo version 1.10.2+dfsg-1+deb8u1 by Abhijith PA. We recommend that you upgrade your dojo packages. NOTE: Tenable Network Security has extracted...
USN-3749-1: Spidermonkey vulnerabilities
Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code...
[SECURITY] Fedora 28 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc28
JavaScript library packaged for setuptools (easy_install) / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements...
[SECURITY] Fedora 27 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc27
JavaScript library packaged for setuptools (easy_install) / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements...
dns-sync Command Injection Vulnerability
dns-sync is a Node.js library that resolves hostnames synchronously. A security vulnerability exists in dns-sync. An attacker can exploit this vulnerability to inject commands through untrusted user input...
CVE-2016-10681
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker...
[SECURITY] Fedora 25 Update: python-XStatic-jquery-ui-1.12.0.1-4.fc25
jquery-ui javascript library packaged for setuptools (easy_install) / pip...
Debian DSA-4020-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...
Debian: Security Advisory (DSA-4024-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2015-7980
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...
Debian DSA-3985-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. - CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. - CVE-2017-5113 A buffer overflow issue was discover...
CVE-2017-0893
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventi...